{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-46330", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-04-22T22:41:54.911Z", "datePublished": "2025-04-29T04:34:37.061Z", "dateUpdated": "2025-04-29T13:40:22.200Z"}, "containers": {"cna": {"title": "Snowflake Connector for C/C++ retries malformed requests", "problemTypes": [{"descriptions": [{"cweId": "CWE-573", "lang": "en", "description": "CWE-573: Improper Following of Specification by Caller", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/snowflakedb/libsnowflakeclient/security/advisories/GHSA-ch37-53v3-m4cm", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/snowflakedb/libsnowflakeclient/security/advisories/GHSA-ch37-53v3-m4cm"}, {"name": "https://github.com/snowflakedb/libsnowflakeclient/pull/882/commits/8120a057e041722e114ed2c5dbed3b5a649f72e2", "tags": ["x_refsource_MISC"], "url": "https://github.com/snowflakedb/libsnowflakeclient/pull/882/commits/8120a057e041722e114ed2c5dbed3b5a649f72e2"}], "affected": [{"vendor": "snowflakedb", "product": "libsnowflakeclient", "versions": [{"version": ">= 0.5.0, < 2.2.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-04-29T04:34:37.061Z"}, "descriptions": [{"lang": "en", "value": "libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, incorrectly treat malformed requests that caused the HTTP response status code 400, as able to be retried. This could hang the application until SF_CON_MAX_RETRY requests were sent. This issue has been patched in version 2.2.0."}], "source": {"advisory": "GHSA-ch37-53v3-m4cm", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-29T13:40:12.468898Z", "id": "CVE-2025-46330", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-29T13:40:22.200Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-46330", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-29T13:40:12.468898Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-29T13:40:17.288Z"}}], "cna": {"title": "Snowflake Connector for C/C++ retries malformed requests", "source": {"advisory": "GHSA-ch37-53v3-m4cm", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "snowflakedb", "product": "libsnowflakeclient", "versions": [{"status": "affected", "version": ">= 0.5.0, < 2.2.0"}]}], "references": [{"url": "https://github.com/snowflakedb/libsnowflakeclient/security/advisories/GHSA-ch37-53v3-m4cm", "name": "https://github.com/snowflakedb/libsnowflakeclient/security/advisories/GHSA-ch37-53v3-m4cm", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/snowflakedb/libsnowflakeclient/pull/882/commits/8120a057e041722e114ed2c5dbed3b5a649f72e2", "name": "https://github.com/snowflakedb/libsnowflakeclient/pull/882/commits/8120a057e041722e114ed2c5dbed3b5a649f72e2", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, incorrectly treat malformed requests that caused the HTTP response status code 400, as able to be retried. This could hang the application until SF_CON_MAX_RETRY requests were sent. This issue has been patched in version 2.2.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-573", "description": "CWE-573: Improper Following of Specification by Caller"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-04-29T04:34:37.061Z"}}}, "cveMetadata": {"cveId": "CVE-2025-46330", "state": "PUBLISHED", "dateUpdated": "2025-04-29T13:40:22.200Z", "dateReserved": "2025-04-22T22:41:54.911Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-04-29T04:34:37.061Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:snowflake:connector_for_c\\/c\\+\\+:*:*:*:*:*:*:*:*", "matchCriteriaId": "F0A1F10B-37C7-47D5-AB9E-A657E899CED4", "versionEndExcluding": "2.2.0", "versionStartIncluding": "0.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, incorrectly treat malformed requests that caused the HTTP response status code 400, as able to be retried. This could hang the application until SF_CON_MAX_RETRY requests were sent. This issue has been patched in version 2.2.0."}, {"lang": "es", "value": "libsnowflakeclient es el conector de Snowflake para C/C++. Las versiones desde la 0.5.0 hasta anteriores a la 2.2.0 tratan incorrectamente las solicitudes malformadas que causaban el c\u00f3digo de estado de respuesta HTTP 400 como si se pudieran reintentar. Esto pod\u00eda bloquear la aplicaci\u00f3n hasta que se enviaran las solicitudes SF_CON_MAX_RETRY. Este problema se ha corregido en la versi\u00f3n 2.2.0."}], "id": "CVE-2025-46330", "lastModified": "2025-05-09T19:37:48.193", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "[email protected]", "type": "Primary"}]}, "published": "2025-04-29T05:15:46.817", "references": [{"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/snowflakedb/libsnowflakeclient/pull/882/commits/8120a057e041722e114ed2c5dbed3b5a649f72e2"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://github.com/snowflakedb/libsnowflakeclient/security/advisories/GHSA-ch37-53v3-m4cm"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-573"}], "source": "[email protected]", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "[email protected]", "type": "Primary"}]}

{}